README.md

CVE-2019-15641

About

• https://nvd.nist.gov/vuln/detail/CVE-2019-15641

PoC / Exploit

• https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/

Environment used

• Ubuntu 18.04.3 LTS
• Webmin 1.90

Reproduction

• Server
  • Docker version:

    docker run --rm -p 10000:10000 -it simaofsilva/cve-2019-15641

  • Script version:

    sudo bash installation.sh

• Client:

  python3 exploit.py --ip SERVER_IP --port 10000 --user test --password qwerty --file FILE 

The output will be the content of FILE if system permissions allow.